Mar 26, 2014

Proprietary Liberty Vs. Open-Source Security

Within the world of computers there is a significant sectarian divide between proprietary (closed-source) software and open-source software. Examples of proprietary software include the vast majority of consumer-purchased and freely available software, such as Microsoft Office and Internet Explorer, Adobe Photoshop and Acrobat, and Rosetta Stone, along with most games. Open-source software includes Firefox, Thunderbird, the Pidgin messenger, the Linux operating system, the LibreOffice suite, and the GIMP photo editor. The difference between these two camps is access to the source code. Proprietary software keeps its source code (instructions written in programming languages that can be read by human eyes before being compiled and translated into the 0s and 1s used by computers) a company secret akin to Coca-Cola's recipe. Open-source software, by contrast, freely makes the source code available to the user; those who are initiated and know a programming language can peruse and alter the code to their heart's content.

The division between proprietary and open-source software is a near-perfect analogy for the national security versus transparency debate. The national security apparatus presumes that it cannot provide any semblance of security or tranquillity without ad nauseam amounts of secrecy and opaqueness. Software publishers, being private companies, can make the business decision to provide the source code or not. Our government, on the other hand, is obligated to include the people's representatives in how exactly security is implemented, while remaining within the confines and restrictions of legal statutes (which can be plainly read by all citizens) and our Constitution. If such implementation cannot be executed within the legal restraints placed upon law enforcement and national security agencies while making the process available for public scrutiny, then those demanding secrecy need to get moving to pass an amendment to the Constitution. To see that the argument that secrecy is absolutely needed to provide security is false, one need only look at programming. Proprietary software may very well have impenetrable security measures, but the only means of knowing that is trusting the software publisher's word. Open source ensures that the software is both rock-solid stable and secure, not through blind trust but through the scrutiny of a community that reviews and tests the code. Open source, being peer reviewed, is a direct descendant of the Age of Enlightenment, just like the scientific method and the rationale with which our founding fathers birthed this nation: if public policy could not be defended in the light of day to the common person but relied on blind faith, the policy was not worth implementing, no matter how good the intentions.

American national security is currently provided under a mentality straight out of the Dark Ages, with a dependence on the public remaining ignorant of both innocuous and heinous activity being done in the American public's name. The impenetrable veil of secrecy is actually detrimental to the cause of security. Arbitrary use of indefensible actions such as torture (enhanced interrogation), indiscriminate remotely administered executions (signature drone strikes), and government intrusion into 300 million Americans' privacy (bulk domestic surveillance) all have two things in common: they are ineffective in providing security, and they are not actions the American public ever wilfully consented to. These actions can be characterized as indefensible even by those who currently practise them, merely by having the same actions perpetrated by any other nation, local government, or group of individuals, or done to those the elite could relate to on a personal level. I believe that Barack Obama genuinely stopped surveillance on Angela Merkel, not because it was ineffective (which it was) for American national security purposes, but because he has met her and knows her (even if they had not met face to face, Barack Obama could easily relate to a fellow head of state of a Western power).

Without widespread scrutiny, national security can only be provided with as much certainty as alchemists can transform base materials into precious metals. The alphabet soup that makes up the national security apparatus (NSA, CIA, DIA, DoD, FBI, DHS, etc.) is never to be challenged or questioned about the effectiveness of its activity, just as the royalty of old were never to be questioned no matter how ridiculous their beliefs and actions were (Von Ludwig's castle, the Marquis de Sade, or the parable of the emperor's new clothes). Individuals are free to believe whatever they want, even that the world is flat and not round, until those beliefs harm others, as when over-classification of the inner workings of our own government, combined with a professed false sense of security, leaves the American people ready to be blind-sided by those who want to carry out mass-casualty events. That is harm that is unacceptable, no matter what the intentions are.

I propose an alternative way of providing security: absolute transparency of the process and means by which security is provided, so that even those who wish to do the public harm would be aware of the defences (not the particular investigative targets or operational details, but what law enforcement and national security agencies are allowed to do and restricted from doing), which is exactly what is done within the world of open-source software development. Black-hat hackers and other ne'er-do-wells have the same access to source code that the developers have, and yet open-source software is, through this transparent scrutiny, all the more reliable and secure, entirely due to being put through the gauntlet. Proprietary software may have a lot more coders on the payroll who are able to create and edit the code, but, as with the Encyclopedia Britannica vs. Wikipedia, it is liable to significant flaws, such as the "goto fail" flaw in proprietary iOS devices when handling SSL connections. It was not that Apple wasn't big enough to catch it; rather, due to its size, Apple had the hubris of assuming that an error that egregious would never occur under the watchful eye of the thousands of coders it had on payroll. PGP encryption, the creation of Phil Zimmermann, has improved over its 20 years of existence with the help of a plethora of coders from all over the world.

Those interested in securing America would be able to audit the protocols and procedures carried out by the national security apparatus, and to improve and innovate to ensure best practices are carried out. If there are practices that are initially deemed unseemly, then their effectiveness can be weighed against their perceived barbarism. As the Senate Intelligence Committee discovered only a couple of weeks ago, the CIA's use of "enhanced interrogation" was utterly ineffective, and that practice should have been ended immediately, if not never attempted (our armed service men and women are trained in resistance to such torture, even though we already understood it to be ineffective except for getting coerced apologies and political speeches for the benefit of North Korean or North Vietnamese audiences). But such abandonment of American principles could only happen under the veil of secrecy that descends when the national security apparatus classifies everything embarrassing, hiding its mistakes from public scrutiny.

This openness is not a vector that can be utilized to carry out mass-casualty events, since the operational details would still remain secret. It would have the additional advantage that, being so open, we could no longer be characterized as "the Great Satan" or the "Evil Empire" (the latter term was originally used against the USSR, but given American foreign policy since 9/11, a case can certainly be made that we have usurped the derogatory title). Though we would have to take years to rebuild global trust, stopping our descent into moral darkness is a great first step.

We can remain under the rubric that not knowing what is being done is what is best for democracy, but that type of thinking is delusional, dangerous, and undemocratic. As President Kennedy said:

We are a nation of the brave, and a people that does not merely deserve to be trusted but is entitled to be trusted by our government; anything else from our government is a treasonous act by our government.